U.S., EU Strike New Safe Harbor Agreement

The Computer & Communications Industry Association, BSA/The Software Alliance and others were welcoming the news Tuesday that U.S. and European Union negotiators had struck an agreement on a new Safe Harbor framework for commercial data flows between the U.S. and Europe; The State Department confirmed that an agreement had been reached.

The U.S. and EU had a Jan. 31 deadline for coming up with a new framework before data protection actions could be brought after a European Union court in October invalidated the current safe harbor in the wake of Edward Snowden's revelations about U.S. government surveillance. But in advance of more negotiations, Justin Antonipillai, deputy general counsel of the Department of Commerce and a leading figure in those negotiations, had suggested the deadline was actually going to be Feb. 2 given that Jan. 31 was a Sunday and there were working party meetings set for Feb. 2.

The agreement affects thousands of U.S. companies storing of EU member state citizens. The U.S. and EU have been working on a new agreement since the 2013 Snowden revelations, but the court decision imposed that deadline.

“We welcome the agreement, which will provide strong privacy safeguards for consumers and legal certainty for the thousands of companies that depend on transatlantic data flows," CCIA said in a statement. "We commend the European Commission and U.S. negotiators for agreeing on a strengthened framework, which we will now examine in further detail.”

CCIA also said there should be some flexibility in transitioning to the new agreement once it is finalized.

“We call on European Data Protection Authorities to endorse this new and strengthened framework and give time for Safe Harbor companies to transition. We also urge that existing commercial data transfer mechanisms remain viable.”

“We, Europe and the United States, are in this together, and are encouraged by this achievement that will promote a stable and secure environment,” said Victoria Espinel, president and CEO of BSA/The Software Alliance. “We and our member companies stand ready to work with data protection authorities and all interested stakeholders to determine ways to ensure a smooth transition to this much-needed new framework.”

The deal must still be approved by the EU member states and privacy groups that last week were threatening to challenge it in court.